Criminals use ransomware (a form of malware) to take over files or computer systems and demand a fee in exchange for their return. With global ransomware damage predicted to reach $11.5 billion in 2019, it's crucial every business has ransomware protection. In this post, we discuss ransomware and reveal how to protect your business against ransomware attacks.
Criminals employ a variety of tactics to deploy ransomware. One of the most common ways to spread ransomware and other types of malware is through malicious emails. The user clicks a link or email attachment, which prompts the malware to download onto the device.
Another user action that could result in ransomware being deployed is clicking on a malicious advertisement (malvertisement). These are typically found on less-than-reputable sites, but can find their way onto legitimate websites, unbeknownst to the site owner.
Cybercriminals in the ransomware business are savvy in finding ways to maximize gain, which is why some newer ransomware attacks involve worms. A worm is self-replicating and can easily attack multiple victims. Once one computer on the network is infected, other computers on the network are vulnerable too.
So what does ransomware do? Most ransomware these days involves encryption. The ransomware will encrypt files and block access until the ransom is paid. Ransoms are often demanded in the form of a cryptocurrency such as bitcoin or monero and may be time-sensitive.
Other, less common types of ransomware include scareware, which persuades you to purchase a program to remove a fake virus, and screen-locker ransomware, which prevents you from accessing certain computer functions, such as your menu. These are both typically easier to deal with than encrypting ransomware.
Ransomware can be hugely damaging to businesses, with losses reaching billions of dollars in some cases. Aside from the ransom fee, there are other monetary losses to consider. Depending on the attack, you may face the disablement of mission-critical systems, such as inventory and payment systems. Interruptions lasting a few minutes can be costly for businesses, and hours and days can be catastrophic.
Some companies also have to deal with repercussions related to data privacy concerns and many attacks may result in the loss of personally identifiable information. It's not uncommon for this business or customer data to find its way onto the dark web where it's shared amongst criminals and sold for a profit. Aside from landing you in hot water with authorities, this can lead to a damaged reputation with customers, employees, and associates, and even a decline in stock prices.
Even if you're doing your best to protect your business and following best practices to a tee, you may still find yourself faced with an attack. And once a ransom is paid, there's no guarantee that you'll get your files fully or even partially restored. Even if you do, you really have no clue if the criminal has copied data and is selling it on the dark web or keeping it for future use.
Clearly, ransomware is bad for business and you want to do everything you can to protect against it. In this section, we reveal how to protect your business from ransomware.
Keeping software up to date is an important step in ransomware protection. One of the main reasons software updates are issued is to patch security holes in systems and applications. These vulnerabilities are often exploited by criminals as a means to expose your system to ransomware.
While systems can be flawed, one of the biggest considerations in ransomware protection is the human factor. Employees need to be trained to look out for emails with suspicious links or attachments and avoid clicking on advertisements or popups which could contain harmful malware.
For example, they should always watch out for misspellings in company names in email sender addresses, poor grammar in the body of emails, file types that are commonly used for infecting computers (for example, .exe and .zip), and suspicious URLs when hovering over links.
Having a solid antivirus software in place can be a solid line of defense in terms of ransomware protection. This can detect known threats and stop them finding their way on to a given device. It will also redirect users away from known malicious websites.
Firewalls can prevent traffic entering certain ports or block all traffic sent from untrusted IP addresses. As such, a firewall can help prevent ransomware finding its way on to your system.
While it doesn't provide direct protection against ransomware, creating regular backups of all files can drastically decrease the cost (and stress) involved in a ransomware attack. Online backup systems can create regular backups of your data and you can customize backups such that your most important data is prioritized.
Bear in mind that some ransomware can actually encrypt your backups too, so it's a good idea to create multiple backups stored in different locations for added protection. For example, you may have a physical hard drive with backups as well as online cloud backups.
While it can be frustrating for you and your employees to not be able to open certain types of files, it's better to be safe than sorry. Common files used by criminals to spread malware are those ending in .exe and .zip. As such, for protection against ransomware, it's a good idea to simply prevent those types of files running altogether. Some malware is macro-based, so blocking macros can help with prevention against these threats.
Bring Your Own Device (BYOD) programs can be very convenient and seemingly cost-effective. However, they come with a high threat risk as you don't know what systems and applications are installed on them and whether they're properly protected against threats. As such, the best protection is to have a policy against BYOD, and especially against connecting employee-owned devices to the company network.
Out of convenience, it's possible that many of your employees have far more user privileges than they need. Whether it's intentional or not, these employees may abuse those privileges and wreak havoc on the system. Limiting privileges on an individual and as-needed basis can help protect against ransomware and other types of malware.
It's worth noting that even with all of these prevention measures in place, if ransomware does find its way on to your system, it's important not to panic. Paying the ransom is something that should be avoided, and only dealt with by professionals. Even the experts in your IT department are likely not qualified to deal with such situations.
To minimize the damage during a ransomware attack, have the number for a reputable cybersecurity agency on hand to call in case of emergency.
Ransomware is a real threat to businesses, with global ransomware damage costs expected to top $20 billion by 2021. Any business, small or large, is vulnerable, and with increasingly sophisticated malware, it's important to be proactive and protect against attacks.
Companies are protecting themselves from ransomware by following best practices and leaning on professionals when needed. Cytelligence's can help you protect your business by evaluating your current programs and suggesting measures to put in place.
We can deal with every facet of a ransomware attack including coordinating payment where necessary and investigating any lasting impact the attack might have. We'll even provide ongoing training to help you protect against future attacks.
Contact Cytelligence experts to ensure your business is securely protected against all types of ransomware.
Any solution starts with a conversation. Our team is ready to discuss your projects, immediate security concerns and confidential actions. We are looking forward to hearing from you.